Replace MaybeImpersonatedUserMetadata decoration with AuditUserAttrs

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 8.1.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • Server Security
    • Fully Compatible
    • Security 2024-12-23, Security 2025-01-20, 2024-12-24

      Today, user impersonation is propagated via the $audit field. When $audit is read, the impersonated user and roles are deserialized into MaybeImpersonatedUserMetadata, which is an optional OperationContext decoration. This is then used by ImpersonationSession to temporarily populate the AuthorizationSession's impersonated user metadata.

      Once AuditUserAttrs exists as an OperationContext decoration, we can remove MaybeImpersonatedUserMetadata and instead use AuditUserAttrs to convey impersonated user and role information in and out of the AuthorizationSession during RPC reads and writes, respectively.

              Assignee: Tianyu Wang
              Reporter: Varun Ravichandran